Laws and regulations governing the use of electronic signatures and digital signatures in the UAE include:
- The E-Commerce Law (Law No. (1) of 2006 On Electronic Commerce and Transactions) which is the key piece of legislation governing the use of electronic signatures in the UAE.
- Ministerial Resolution (Minister of Economy Resolution No. 1 of 2008 issuing the list of the Electronic Certification Services Providers), which addresses regulation of Certification Service Providers (as defined under the E-Commerce Law) by the Telecommunications Regulatory Authority.
- Civil Evidence Law (Federal Law No. 10 of 1992 concerning Law of Evidence in Civil and Commercial Transactions (as amended by Federal Law No. 36 of 2006)) which clarifies that Electronic Signatures (as defined under the E-Commerce Law) carry the same evidential weight as handwritten signatures, provided they meet the standards prescribed in the E-Commerce Law.
The E-Commerce Law distinguishes between Electronic Signatures and Secure Electronic Signatures per the following descriptions:
- An Electronic Signature is defined as any letters, numbers, symbols, voice or processing system in electronic form applied to, incorporated in, or logically associated with an electronic message with the intention of authenticating or approving the same.
- A Secure Electronic Signature is one by which, through the application of a prescribed or commercially reasonable Secure Authentication Procedure agreed to by the parties, it can be verified that an Electronic Signature was, at the time of its execution:
- Limited to the person using it;
- Capable of verifying the identity of that person;
- Under that person's full control, whether in relation to its creation or the means of using it at the time of signing; and
- Linked to the electronic message to which it relates, in a manner which provides reliable assurance as to the integrity of the signature, so that if the electronic record is changed, then the Electronic Signature shall become unprotected.
In the UAE, an Electronic Authentication Certificate issued by an accredited Certification Service Provider may be used to fulfill the requirements of a Secure Electronic Signature if it verifies:
- The identity of the certification services provider;
- That the person whose identity is determined in the electronic authentication certificate had control at the time (of signing) of the Electronic Signature creation tool stated in such certificate;
- That the signature creation tool was valid on or before the date of issue of the electronic authentication certificate;
- Whether or not there are any limitations to the purpose or value for which the signature creation tool or the electronic authentication certificate may be used;
- Whether or not there are any limitations to the scope or extent of liability accepted by the certification services provider to any third party.
In the UAE, a Certification Service Provider is defined as an accredited or authorized person or organization that provides services in connection or relation to Electronic Signatures. Authorized Certification Service Providers are listed at Telecommunications Regulatory Authority (TRA). To date, the only Certification Service Provider currently located and licensed in the UAE by the TRA is Dark Matter L.L.C. However, unregistered Certification Service Providers may be used if they have a level of reliability at least equal to that required by the E-Commerce Law (taking into consideration recognized international standards).
A key principle of the UAE E-Commerce Law is that Electronic Signatures and Electronic Authentication Certificates can be relied upon where reliance is acceptable (subject to any restrictions in other laws or regulations). In order to determine if it is acceptable to rely on an Electronic Signature or an Electronic Authentication Certificate, the following factors should be considered:
- The nature of the underlying transaction;
- The value or importance of the underlying transaction, if known;
- Whether the relying party has taken appropriate steps to determine the reliability of the Electronic Signature or the Certificate;
- Whether the relying party in respect of the Electronic Signature or certificate took reasonable steps to verify if the Electronic Signature was supported by an Electronic Authentication Certificate, or if it should be expected to be so supported;
- Whether the relying party knew or ought to have known that the Electronic Signature or the Certificate had been compromised or revoked;
- Any agreement or course of dealing between the originator and the relying party, or any trade usage which may be applicable;
- Any other relevant factor.
While the above factors should be considered when determining if reliance on any Electronic Signature is acceptable, a Secure Electronic Signature carries a rebuttable presumption that reliance is acceptable (absent any proof to the contrary).
The E-Commerce Law confirms that if the law requires a document to be signed, an Electronic Signature will satisfy this requirement and have the same evidential weight, provided that the requirements of the E-Commerce Law are met. The E-Commerce Law also provides that in any legal proceedings, the rules of evidence cannot prevent the admission of a data message or Electronic Signature:
- on the grounds that the message or signature is in electronic format; or
- if the data message or Electronic Signature is the best evidence that could be obtained in lieu of the original.
Special Considerations
In the UAE, there are several items that require specific consideration, most notably that there are unique laws that govern the DIFC, an independent jurisdiction within the UAE. Additionally, special consideration should be noted regarding the laws that regulate the transfer and use of personal and transactional data in the UAE including:
- The UAE Central Bank’s Regulatory Framework for Stored Values and Electronic Payment Systems, which regulates payment service providers;
- The TRA UAE’s Internet of Things Regulatory Policy (IoT Policy)
Transacting with public sector entities
According to the E-Commerce Law Article 6(3), the government must expressly consent to conducting business electronically. Additionally, certain government entities may have specific requirements or procedures regarding the electronic execution of documents. Thus, when contracting electronically with the government, it is recommended to include specific wording stating that the government expressly acknowledges that the electronic execution of the document will be valid and binding.
Use cases that generally require a traditional signature
Under the E-Commerce law, Electronic Signatures cannot be used for the following documents:
- Transactions and matters concerning civil status like marriage, divorce and wills;
- Title deeds of real estate;
- Bonds in circulation (i.e. negotiable instruments);
- Transactions concerning the sale and purchase of real estate, its disposition and rental for periods in excess of ten years and the registration of any other rights related to it;
- Any document required by law before Notary Public; and
- Any other documents or transactions to be excluded by a special legal term.
Dubai International Financial Centre (DIFC)
As an independent jurisdiction within the UAE, the DIFC is governed by the Electronic Transactions Law No. 2 of 2017 (Electronic Transactions Law) which is the primary legislation governing electronic signatures. The Electronic Transactions Law was designed to:
- facilitate electronic transactions in DIFC and eliminate barriers to electronic transactions resulting from uncertainties over writing and signature requirements;
- promote the development of the legal and business infrastructure necessary to implement secure electronic transactions in DIFC; and
- help establish uniformity of rules, regulations and standards in DIFC regarding the authentication and integrity of electronic records.
The Electronic Transactions Law defines an Electronic Signature as an electronic sound, symbol or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record. Additionally, the Electronic Transactions Law requires that an Electronic Signature be attributable to the person signing, which requires that it be shown that it was the act of the person. The act of the person may be shown in any manner, including a showing of the efficacy of any security procedure applied to determine the person to which the electronic record or Electronic Signature was attributable. The effect of an Electronic Signature attributed to a person is determined from the context and surrounding circumstances at the time of its creation, execution, or adoption, including the parties’ agreement, if any, and otherwise as provided by law.
In the DIFC, an Electronic Signature is deemed to identify the relevant person and to indicate that person’s intention in respect of the Information contained in the Electronic Record provided that the Electronic Signature is:
- as reliable as appropriate for the purpose for which the document or record was generated or communicated, in the light of all the circumstances, including any relevant agreement; or
- proven in fact to have fulfilled the functions described in paragraph (a), by itself or together with further evidence.
The Electronic Transactions Law confirms that if any law requires a document to be signed, an Electronic Signature will satisfy the requirement. The law also states that nothing shall prevent the admission of an Electronic Signature in evidence on the grounds that the signature is in electronic format. Although there is no express provision within the Electronic Transactions Law for the use of certificate-based digital certificates, an entity registered in the DIFC may choose to use a certificate-based digital signature to add an increased layer of protection to its Electronic Signatures and demonstrate that it had met the attribution requirements under the Electronic Transactions Law.
DIFC Special considerations
Under DIFC Data Protection Law No. 1 of 2007 (Data Protection Law), personal data can only be transferred out of the DIFC under the limited circumstances set out under the Data Protection Law. However, the obligations of the Data Protection Law only apply to Data Controllers.
DIFC Use cases that generally require a traditional signature
Article 8 of the Electronic Transactions Law states that the following types of transactions are excluded from being conducted electronically:
- Creation, performance or enforcement of a power of attorney
- Creation, performance or enforcement of a declaration of trust (with the exception of implied, constructive and resulting trusts) and any provision in the Trust Law 2005 requiring Information to be written or in writing
- Creation and execution of wills, codicils or testamentary trusts
- Creation, execution and use of affidavits or affirmations as evidence in court proceedings pursuant to rule 29 of the Rules of the Dubai International Financial Centre Courts 2014
- Sale, purchase, lease (for a term of more than 10 years) and other disposition of immovable property and the registration of other rights relating to immovable property
Source helpx.adobe.com
Published, December 9, 2020
Adobe Legal Notices: https://helpx.adobe.com/legal/legal-notices.html
SigniFlow recommends Adobe Acrobat Reader to validate digital signatures
Disclaimer:
The information in this website is provided for general informational purposes only. No information contained in this website should be construed as legal advice from SigniFlow or any individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this website should act or refrain from acting on the basis of any information included in, or accessible through, this website without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue.